For the first deployed Sensor, registration provisions the USM Anywhere instance and gives you access to the Sensor through the USM Anywhere web UI, where you complete the Sensor Setup. You perform this procedure after deploying the USM Anywhere Sensor within your AWS account.
After you complete the deployment of your first USM Anywhere Sensor, you must register the sensor using the initial authentication code (starts with a "C"). With this code, the registration process requests a new USM Anywhere instance and defines its attributes (such as how many Sensors to allow, how much storage to provide, and what email address to use for the initial user account).
Important: USM Anywhere instance provisioning takes place only for the first deployed Sensor. If you are deploying an additional Sensor for your USM Anywhere environment, you can simply register the Sensor using the generated authentication code (starts with an "S") and use the Setup Wizard to complete the Sensor setup.
To register your Sensor and provision the instance
Click the URL displayed for the running stack in the AWS console.
This opens the WELCOME TO USM ANYWHERE SENSOR SETUP page, which prompts you to provide the information for registering the Sensor with your new USM Anywhere instance.
- Enter a Sensor Name and Sensor Description.
- Paste the authentication code sent from AlienVault into the field with the Key icon ().
Click Start Setup to start the process of connecting the USM Anywhere Sensor.
The provisioning of your USM Anywhere instance upon registration of your initial Sensor takes about 20 minutes. When this instance is provisioned and running, you’ll see a welcome message that provides an access link.
Use this link to open the secured web console for your USM Anywhere instance. You and the other USM Anywhere users in your organization can access this console from a web browser on any system with internet connectivity.
Note: You'll also receive an email from AlienVault that provides the access link to USM Anywhere.
When you link to a newly-provisioned USM Anywhere instance, you must configure the password for the initial user account. This is the default administrator as defined in your subscription.
To configure login credentials
Click the link in the welcome message.
This displays a prompt to set the password to use for the default administrator of USM Anywhere.
Enter the password, and again to confirm.
USM Anywhere requires a minimum password length of eight characters, with a maximum length of 128 characters. The password must combine numerical digits (0-9), uppercase letters (A-Z), and lowercase letters (a-z). Special characters, such as hyphen (-) and underscore (_) are supported, but optional.
Note: USM Anywhere passwords expire after 90 days. When your password expires, USM Anywhere enforces the password change when you next log intoLog in (verb): Process in which an individual gains access to a computer system after providing sufficient credentials to authenticate their unique identity. Login (noun): User credentials, typically a username and matching password. the system using the current (now expired) password. A new password must be different than the previous four passwords.
- Click Save & Continue.
When the login page appears, enter the password you just set, select the acceptance of the terms of service, and click Login.
It's a good idea to verify that the USM Anywhere Sensor is running. It also gives you the chance to watch the sensor actively working to find all of your assetsAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. and to record events from the start.
Note: Make sure to verify that the Sensor is running before performing configuration. You can keep one web browser tab with the WELCOME TO USM ANYWHERE page in the background while you perform the verification on a different tab.
To verify the new USM Anywhere Sensor
In USM Anywhere, go to DATA SOURCES > SENSORS.
You should now see your Sensor in the page.
After a few minutes, USM Anywhere locates your assets and starts registering events.
You can review the activity in two locations.
- From the primary task bar, select ENVIRONMENT > ASSETS.
- From the primary task bar, select ACTIVITY > EVENTS.
Note: It could take up to six minutes before events appear. Make sure to refresh your browser from time to time to display the current data.
This example shows the detected assets that USM Anywhere might discover from an asset scan.
To configure your USM Anywhere AWS Sensor, see Completing the AWS Sensor Setup.